Patents by Inventor Jechun Chiu

Jechun Chiu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11005814
    Abstract: An example of a computing system is described herein. The computing system includes a plurality of network security devices. The computing system also includes a network switch configured to direct network traffic. The computing system further includes a controller coupled to the network switch. The controller is to instruct the network switch in directing network traffic to the plurality of network security devices.
    Type: Grant
    Filed: June 10, 2014
    Date of Patent: May 11, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Joseph A. Curcio, Jechun Chiu, Bruce E. Lavigne, Wei Lu, Shaun Wakumoto, Mauricio Sanchez, Matthew Laswell
  • Patent number: 10348684
    Abstract: Examples include a network device to filter a packet for a packet type. The network device includes a filter to receive the packet and to determine whether the packet is a defined packet type. The network device also includes a Bloom filter to receive the packet from the filter based on the determination that the packet is a defined packet type and to determine whether the packet is a matched packet or an unmatched packet. A processing resource of the network device may receive the packet from the Bloom filter based on the determination that the packet is a matched packet and to determine whether the packet is an exact match.
    Type: Grant
    Filed: September 1, 2016
    Date of Patent: July 9, 2019
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Shaun Wakumoto, Freeman Yufei Huang, Tomas Navarro, Nam Soo Kim, Bruce E Lavigne, Jechun Chiu, Sebastien Tandel
  • Patent number: 10341389
    Abstract: In some examples, a system receives a context of an application to request a set of network traffic, the context including a requested behavior of a service enabled by the application, and provides a policy to a network device of a network, the policy to regulate the set of network traffic based on the context, the policy provided to the network device to cause the network device to route the set of network traffic based on applying the policy, the routing comprising forwarding the set of network traffic to a destination or denying transmission of the set of network traffic to the destination.
    Type: Grant
    Filed: July 23, 2018
    Date of Patent: July 2, 2019
    Assignee: Hewlett Packard Enterprise Department LP
    Inventors: Bryan Stiekes, Sebastien Tandel, Jechun Chiu
  • Patent number: 10148459
    Abstract: Network service insertion includes determining a tunnel interface corresponding to a service entity to which an incoming packet is to be directed, the tunnel interface being determined based on software defined network (SDN) flow rules. Further, the incoming packet can be encapsulated based on a tunnel configuration corresponding to the tunnel interface to generate an encapsulated packet such that the encapsulated packet includes media access control (MAC) address headers and a virtual local area network (VLAN) tag associated with the incoming packet. The encapsulated packet can be sent to the service entity through the tunnel interface for network service insertion.
    Type: Grant
    Filed: April 29, 2014
    Date of Patent: December 4, 2018
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Jechun Chiu, Venkatavaradhan Devarajan, Duane Edward Mentze, Craig Joseph Mills
  • Publication number: 20180332081
    Abstract: In some examples, a system receives a context of an application to request a set of network traffic, the context including a requested behavior of a service enabled by the application, and provides a policy to a network device of a network, the policy to regulate the set of network traffic based on the context, the policy provided to the network device to cause the network device to route the set of network traffic based on applying the policy, the routing comprising forwarding the set of network traffic to a destination or denying transmission of the set of network traffic to the destination.
    Type: Application
    Filed: July 23, 2018
    Publication date: November 15, 2018
    Inventors: Bryan Stiekes, Sebastien Tandel, Jechun Chiu
  • Patent number: 10044760
    Abstract: In one implementation, an example system may include a policy engine. The policy engine may receive a context of an application to request a set of network traffic and provide a policy rule to a network device of a network path. In another implementation, an example system may identify a party and a requested behavior of the service and maintain a context to determine a policy rule to regulate a set of network traffic associated with the service based on the party and the requested behavior. In another implementation, an example method may comprise receiving a service request and an authentication, identifying a party, identifying a behavior, and deploying a policy to a network device of a network based on the party and the behavior.
    Type: Grant
    Filed: December 4, 2013
    Date of Patent: August 7, 2018
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Bryan Stiekes, Sebastien Tandel, Jechun Chiu
  • Publication number: 20180063084
    Abstract: Examples include a network device to filter a packet for a packet type. The network device includes a filter to receive the packet and to determine whether the packet is a defined packet type. The network device also includes a Bloom filter to receive the packet from the filter based on the determination that the packet is a defined packet type and to determine whether the packet is a matched packet or an unmatched packet. A processing resource of the network device may receive the packet from the Bloom filter based on the determination that the packet is a matched packet and to determine whether the packet is an exact match.
    Type: Application
    Filed: September 1, 2016
    Publication date: March 1, 2018
    Inventors: Shaun WAKUMOTO, Freeman Yufei HUANG, Tomas NAVARRO, Nam Soo KIM, Bruce E. LAVIGNE, Jechun CHIU, Sebastien TANDEL
  • Publication number: 20170142132
    Abstract: An example of a computing system is described herein. The computing system includes a network switch configured to direct network traffic. The computing system also includes a network device to receive the network traffic. The computing system further includes a controller coupled to the network switch. The controller is to monitor network traffic in the network switch and generate a policy to instruct the network switch in selecting a portion of the network traffic to direct to the network device.
    Type: Application
    Filed: June 10, 2014
    Publication date: May 18, 2017
    Inventors: Joseph A. CURCIO, Jechun CHIU, Bruce E. LAVIGNE, Wei LU, Shaun WAKUMOTO, Mauricio SANCHEZ, Matthew LASWELL
  • Publication number: 20170142071
    Abstract: An example of a computing system is described herein. The computing system includes a plurality of network security devices. The computing system also includes a network switch configured to direct network traffic. The computing system further includes a controller coupled to the network switch. The controller is to instruct the network switch in directing network traffic to the plurality of network security devices.
    Type: Application
    Filed: June 10, 2014
    Publication date: May 18, 2017
    Inventors: Joseph A. CURCIO, Jechun CHIU, Bruce E. LAVIGNE, Wei LU, Shaun WAKUMOTO, Maurcio SANCHEZ, Matthew LASWELL
  • Publication number: 20160352538
    Abstract: Network service insertion includes determining a tunnel interface corresponding to a service entity to which an incoming packet is to be directed, the tunnel interface being determined based on software defined network (SDN) flow rules. Further, the incoming packet can be encapsulated based on a tunnel configuration corresponding to the tunnel interface to generate an encapsulated packet such that the encapsulated packet includes media access control (MAC) address headers and a virtual local area network (VLAN) tag associated with the incoming packet. The encapsulated packet can be sent to the service entity through the tunnel interface for network service insertion.
    Type: Application
    Filed: April 29, 2014
    Publication date: December 1, 2016
    Inventors: Jechun CHIU, Venkatavaradhan DEVARAJAN, Duane Edward MENTZE, Craig Joseph MILLS
  • Publication number: 20160308905
    Abstract: In one implementation, an example system may include a policy engine. The policy engine may receive a context of an application to request a set of network traffic and provide a policy rule to a network device of a network path. In another implementation, an example system may identify a party and a requested behavior of the service and maintain a context to determine a policy rule to regulate a set of network traffic associated with the service based on the party and the requested behavior. In another implementation, an example method may comprise receiving a service request and an authentication, identifying a party, identifying a behavior, and deploying a policy to a network device of a network based on the party and the behavior.
    Type: Application
    Filed: December 4, 2013
    Publication date: October 20, 2016
    Inventors: Bryan Stiekes, Sebastien Tandel, Jechun Chiu
  • Publication number: 20150058985
    Abstract: A network access apparatus includes a processor and an interface to receive a plurality of packets that originate from a client device. The apparatus also includes a network access module that is to perform a forwarding function on the plurality of packets, to determine whether the received plurality of packets comprise a predetermined type of communication, and to instruct the control module to analyze the plurality of packets in response to the plurality of packets being determined as comprising the predetermined type of communication. The apparatus further includes a control module that is to determine a feature of the plurality of packets received from the network access module, to determine whether the feature matches a configuration of a plurality of predetermined configurations, and to perform a predefined action on the plurality of packets in response to the feature matching the configuration.
    Type: Application
    Filed: April 30, 2012
    Publication date: February 26, 2015
    Applicant: Hewlett-Packard Development Company, L.P.
    Inventors: Mauricio Sanchez, Jechun Chiu, Charles F. Clark
  • Publication number: 20140282867
    Abstract: Data can be stored, at a network device, in a device local reputation score cache. The data can include a reputation score for a domain name. The network device can receive a domain name system (DNS) data unit and determine if a domain name in the DNS data unit has a reputation score stored in the device local reputation score cache.
    Type: Application
    Filed: March 15, 2013
    Publication date: September 18, 2014
    Applicant: Hewlett-Packard Development Company, L.P.
    Inventors: Byung Kyu Choi, Duane E. Mentze, Jechun Chiu